👩‍💻 IW Weekly #73: ATO in Shopify Stores, CVE-2023-36809, Risks in Cross-Chain Bridges, Bypassing Firewalls, Hacking iOS Apps, Uncovering Zenbleed and many more...

Welcome to the #IWWeekly73 - the Monday newsletter that brings the best in Infosec straight to your inbox.

To help you out, we have 5 Articles, 4 Threads, 3 Videos, 2 Job Alerts and a Special Item.

Read, upskill yourself and spread love to the community 💝

Excited? Let’s jump in 👇

📝 5 Infosec Articles

  1. Unlocking the World of Bug Bounties: A Comprehensive Starter Guide by @KHIZER_JAVED47.
  2. @OphionSecurity's Insightful Analysis on Customer Account Takeover Risks in Shopify Stores.
  3. @mq_xz_ reveals Stored XSS in KiwiTCMS due to Improper Neutralization of Input during Web Page Generation (CVE-2023-36809).
  4. Exploring Vulnerabilities in Cross-Chain Bridges: A Deep Dive into Common Risks by @immunefi.
  5. Learn to bypass phone lock using insights from @max_r_b and @DamianoMelotti, unraveling Android's file-based encryption.

4 Threads

  1. Discover how professional hackers bypass firewalls in pentests with @expankita!
  2. @Rhynorater unravels the art of discovering creative bugs woven into complex chains of gadgets.
  3. @naglinagli reveals earning 5-figure bounties from leaked, non-interactive email links, exposing unexpected sources of data breaches.
  4. @Michael1026H1 shows the highs and lows of bug bounty automation over the years in this informative thread.

📽️ 3 Insightful Videos

  1. Hacking iOS Apps - Uncovering Vulnerabilities, where @Securityb0at dives deep into the intriguing world of iOS app security.
  2. @ctbbpodcast highlights 5 must-see bug bounty write-ups showcasing ingenious exploits and vulnerabilities.
  3. Join @LiveOverflow as he delves into the fascinating process of how @taviso fuzzed CPUs to uncover Zenbleed, unveiling the intricate techniques behind this discovery.

💼 2 Job Alerts

  1. Dyson is seeking a Senior IT Security Risk & Compliance Analyst in Bengaluru, India.
  2. Join TEKsystems as an Application Security Analyst-DAST in Hyderabad, Telangana, India.

🎁 1 Special Item

  1. Nuclei Template Editor - AI-powered hub to create, debug, scan, and store templates. Collaborate effortlessly with your team and community. Created as part of the @pdiscoveryio cloud platform.

That’s all for this week. Hope you enjoyed these incredible finds and learned something new from today’s newsletter. Meet you again next week, hacker. Until then, keep pushing 💪

This newsletter would not have been made possible without our amazing ambassadors.

Resource contribution by: Nikhil A Memane, Hardik Singh, Ayush Singh, Manikesh Singh, Bhavesh Harmalkar, Vinay Kumar
Newsletter formatting by: Manan, Hardik Singh, Siddharth, Rushi Padhiyar

Lots of love
Editorial team,
Infosec Writeups

📧
If you have questions, comments, or feedback, reach out to us on Twitter @InfoSecComm or email [email protected]
